Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A method for processing a graphic code, the method comprising: scanning, by a scanning device, a graphic code displayed on a user terminal of a user to obtain an image of the graphic code; extracting, from the image of the graphic code by a processor coupled to the scanning device, graphic code information encoded in the graphic code; verifying, by the processor, signature information in the graphic code information, wherein the graphic code information comprises the signature information, at least one piece of identity information of the user, and service permission information of multiple services; in response to that the signature information is successfully verified, determining, by the processor, whether the at least one piece of identity information of the user matches identity information accepted by a service provider corresponding to the scanning device; in response to determining that the at least one piece of identity information of the user matches the identity information accepted by the service provider corresponding to the scanning device, determining, by the processor, whether the service permission information of multiple services of the graphic code information matches service permission information of a service supported by the scanning device; and in response to determining that the service permission information of multiple services of the graphic code information matches the service permission information of the service supported by the scanning device, executing, by the processor, the service supported by the scanning device.
This invention relates to a system for processing graphic codes, such as QR codes, to authenticate users and authorize service access. The method involves scanning a graphic code displayed on a user's terminal to capture an image of the code. A processor extracts encoded information from the image, which includes signature data, user identity details, and service permission data for multiple services. The processor verifies the signature to ensure the code's integrity and authenticity. If verified, the system checks whether the user's identity matches the criteria accepted by the service provider associated with the scanning device. If the identity is valid, the system then checks if the service permissions in the graphic code align with the services supported by the scanning device. If both conditions are met, the requested service is executed. This approach ensures secure and automated authentication and authorization for services accessed via graphic codes, reducing manual verification steps and enhancing security through cryptographic validation. The system is particularly useful in scenarios requiring quick, reliable identity verification and service access control, such as payments, access control, or digital transactions.
2. The method according to claim 1 , wherein the determining, by the processor, whether the at least one piece of identity information of the user matches identity information accepted by a service provider corresponding to the scanning device comprises: extracting, by the processor, the at least one piece of identity information of the user from the graphic code information; and comparing, by the processor, the at least one piece of identity information of the user with the identity information accepted by the service provider corresponding to the scanning device; and when the at least one piece of identity information of the user includes the identity information accepted by the service provider, determining, by the processor, that the at least one piece of identity information of the user matches identity information accepted by the service provider corresponding to the scanning device.
3. The method according to claim 2 , wherein the extracting, by the processor, the at least one piece of identity information of the user from the graphic code information comprises: extracting, by the processor, an identity information field from the graphic code information; and extracting, by the processor, a plurality of identity information subfields from the identity information field, wherein one of the identity information subfields corresponds to the at least one piece of identity information of the user.
4. The method according to claim 1 , wherein the determining, by the processor, whether the service permission information of multiple services of the graphic code information matches service permission information of a service supported by the scanning device comprises: extracting, by the processor, the service permission information of the multiple services from the graphic code information; and comparing, by the processor, the service permission information of the multiple services with the service permission information of the service supported by the scanning device; and when the service permission information of the multiple services includes the service permission information of the service supported by the scanning device, determining, by the processor, that the service permission information of multiple services of the graphic code information matches service permission information of a service supported by the scanning device.
5. The method according to claim 4 , wherein the extracting, by the processor, the service permission information of the multiple services from the graphic code information comprises: extracting, by the processor, a service permission information field from the graphic code information; and extracting, by the processor, a plurality of permission information subfields from the service permission information field, wherein one of the permission information subfields corresponds to service permission information of the service.
6. The method according to claim 2 , wherein before determining, by the processor, whether the at least one piece of identity information of the user matches identity information accepted by the service provider corresponding to the scanning device, the method further comprises: determining, by the processor, whether the extracted at least one piece of identity information includes encrypted identity ciphertext information; and in response to determining that the extracted at least one piece of identity information includes encrypted identity ciphertext information, decrypting, by the processor, the encrypted identity ciphertext information to obtain decrypted identity information of the user.
7. The method according to claim 1 , wherein: the service permission information of the service comprises at least at least one of: the service supported by the scanning device, and service provider information corresponding to the service supported by the scanning device; and the at least one piece of identity information of the user comprises at least one of: a name and identification information of the user, and location information for the service supported by the scanning device.
8. The method according to claim 1 , wherein the service supported by the scanning device includes one of opening a gate for the user or performing a payment for the user.
9. An apparatus comprising: one or more processors; and a memory storing instructions executable by the one or more processors to cause the one or more processors to perform operations comprising: obtaining an image of a graphic code from a scanning device that scans the graphic code displayed on a user terminal of a user; extracting, from the image of the graphic code, graphic code information encoded in the graphic code; verifying signature information in the graphic code information, wherein the graphic code information comprises the signature information, at least one piece of identity information of the user, and service permission information of multiple services; in response to that the signature information is successfully verified, determining whether the at least one piece of identity information of the user matches identity information accepted by a service provider corresponding to the scanning device; in response to determining that the at least one piece of identity information of the user matches the identity information accepted by the service provider corresponding to the scanning device, determining whether the service permission information of multiple services of the graphic code information matches service permission information of a service supported by the scanning device; and in response to determining that the service permission information of multiple services of the graphic code information matches the service permission information of the service supported by the scanning device, executing the service supported by the scanning device.
10. The apparatus according to claim 9 , wherein the determining whether the at least one piece of identity information of the user matches identity information accepted by a service provider corresponding to the scanning device comprises: extracting the at least one piece of identity information of the user from the graphic code information; and comparing the at least one piece of identity information of the user with the identity information accepted by the service provider corresponding to the scanning device; and when the at least one piece of identity information of the user includes the identity information accepted by the service provider, determining that the at least one piece of identity information of the user matches identity information accepted by the service provider corresponding to the scanning device.
11. The apparatus according to claim 10 , wherein the extracting the at least one piece of identity information of the user from the graphic code information comprises: extracting an identity information field from the graphic code information; and extracting a plurality of identity information subfields from the identity information field, wherein one of the identity information subfields corresponds to the at least one piece of identity information of the user.
12. The apparatus according to claim 9 , wherein the determining whether the service permission information of multiple services of the graphic code information matches service permission information of a service supported by the scanning device comprises: extracting the service permission information of the multiple services from the graphic code information; and comparing the service permission information of the multiple services with the service permission information of the service supported by the scanning device; and when the service permission information of the multiple services includes the service permission information of the service supported by the scanning device, determining that the service permission information of multiple services of the graphic code information matches service permission information of a service supported by the scanning device.
13. The apparatus according to claim 12 , wherein the extracting the service permission information of the multiple services from the graphic code information comprises: extracting a service permission information field from the graphic code information; and extracting a plurality of permission information subfields from the service permission information field, wherein one of the permission information subfields corresponds to service permission information of the service supported by the scanning device.
14. The apparatus according to claim 10 , wherein before determining whether the at least one piece of identity information of the user matches identity information accepted by the service provider corresponding to the scanning device, the operations further comprise: determining whether the extracted at least one piece of identity information includes encrypted identity ciphertext information; and in response to determining that the extracted at least one piece of identity information includes encrypted identity ciphertext information, decrypting the identity ciphertext information to obtain decrypted identity information of the user.
15. The apparatus according to claim 9 , wherein the service permission information of the service supported by the scanning device comprises at least at least one of: the service supported by the scanning device, and service provider information corresponding to the service supported by the scanning device; and the at least one piece of identity information of the user comprises at least one of: a name and identification information of the user, and location information for the service supported by the scanning device.
16. The apparatus according to claim 9 , wherein the service supported by the scanning device includes one of opening a gate for the user or performing a payment for the user.
17. One or more non-transitory computer-readable storage media configured with instructions executable by one or more processors to cause the one or more processors to perform operations comprising: obtaining an image of a graphic code from a scanning device that scans the graphic code displayed on a user terminal of a user; extracting, from the image of the graphic code, graphic code information encoded in the graphic code; verifying signature information in the graphic code information, wherein the graphic code information comprises the signature information, at least one piece of identity information of the user, and service permission information of multiple services; in response to that the signature information is successfully verified, determining whether the at least one piece of identity information of the user matches identity information accepted by a service provider corresponding to the scanning device; in response to determining that the at least one piece of identity information of the user matches the identity information accepted by the service provider corresponding to the scanning device, determining whether the service permission information of multiple services of the graphic code information matches service permission information of a service supported by the scanning device; and in response to determining that the service permission information of multiple services of the graphic code information matches the service permission information of the service supported by the scanning device, executing the service supported by the scanning device.
18. The one or more non-transitory computer-readable storage media according to claim 17 , wherein the determining whether the at least one piece of identity information of the user matches identity information accepted by a service provider corresponding to the scanning device comprises: extracting the at least one piece of identity information of the user from the graphic code information; and comparing the at least one piece of identity information of the user with the identity information accepted by the service provider corresponding to the scanning device; and when the at least one piece of identity information of the user includes the identity information accepted by the service provider, determining that the at least one piece of identity information of the user matches identity information accepted by the service provider corresponding to the scanning device.
19. The one or more non-transitory computer-readable storage media according to claim 17 , wherein the determining whether the service permission information of multiple services of the graphic code information matches service permission information of a service supported by the scanning device comprises: extracting the service permission information of the multiple services from the graphic code information; and comparing the service permission information of the multiple services with the service permission information of the service supported by the scanning device; and when the service permission information of the multiple services includes the service permission information of the service supported by the scanning device, determining that the service permission information of multiple services of the graphic code information matches service permission information of a service supported by the scanning device.
20. The one or more non-transitory computer-readable storage media according to claim 18 , wherein before determining whether the at least one piece of identity information of the user matches identity information accepted by the service provider corresponding to the scanning device, the operations further comprise: determining whether the extracted at least one piece of identity information includes encrypted identity ciphertext information; and in response to determining that the extracted at least one piece of identity information includes encrypted identity ciphertext information, decrypting the encrypted identity ciphertext information to obtain decrypted identity information of the user.
Unknown
March 9, 2021
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.